From a4ae79e7944ba15db4ca3fef9ed3285a4d22b55b Mon Sep 17 00:00:00 2001 From: Ted Blackman Date: Fri, 25 Jun 2021 18:11:18 -0400 Subject: [PATCH] gall: compiles with nonce in wire --- pkg/arvo/sys/lull.hoon | 2 +- pkg/arvo/sys/vane/gall.hoon | 221 ++++++++++++++++++++++++------------ 2 files changed, 150 insertions(+), 73 deletions(-) diff --git a/pkg/arvo/sys/lull.hoon b/pkg/arvo/sys/lull.hoon index cef2295a14..f0689ad652 100644 --- a/pkg/arvo/sys/lull.hoon +++ b/pkg/arvo/sys/lull.hoon @@ -1652,7 +1652,7 @@ +$ bitt (map duct (pair ship path)) :: incoming subs +$ boat :: outgoing subs %+ map [=wire =ship =term] :: - [acked=? =path] :: + [acked=? =path nonce=@] :: +$ bowl :: standard app state $: $: our=ship :: host src=ship :: guest diff --git a/pkg/arvo/sys/vane/gall.hoon b/pkg/arvo/sys/vane/gall.hoon index 72ebeafa17..c4ebc59af7 100644 --- a/pkg/arvo/sys/vane/gall.hoon +++ b/pkg/arvo/sys/vane/gall.hoon @@ -14,7 +14,7 @@ +$ move [=duct move=(wind note-arvo gift-arvo)] :: $state-8: overall gall state, versioned :: -+$ state-8 [%8 state] ++$ state-9 [%9 state] :: $state: overall gall state :: :: system-duct: TODO document @@ -57,7 +57,7 @@ +$ yoke $: control-duct=duct run-nonce=@t - sub-nonce=@ + sub-nonce=_1 live=? =stats =watches @@ -119,7 +119,7 @@ :: $spore: structures for update, produced by +stay :: +$ spore - $: %8 + $: %9 system-duct=duct outstanding=(map [wire duct] (qeu remote-request)) contacts=(set ship) @@ -131,6 +131,7 @@ +$ egg $: control-duct=duct run-nonce=@t + sub-nonce=@ live=? =stats =watches @@ -167,7 +168,7 @@ [^duct %pass /whiz/gall %$ %whiz ~]~ =/ adult adult-core =. state.adult - [%8 system-duct outstanding contacts yokes=~ blocked]:spore + [%9 system-duct outstanding contacts yokes=~ blocked]:spore =/ mo-core (mo-abed:mo:adult duct) =. mo-core =/ apps=(list [dap=term =egg]) ~(tap by eggs.spore) @@ -226,9 +227,9 @@ :: ++ load |^ |= old=spore-any - =? old ?=(%7 -.old) - (spore-7-to-8 old) - ?> ?=(%8 -.old) + =? old ?=(%7 -.old) (spore-7-to-8 old) + =? old ?=(%8 -.old) (spore-8-to-9 old) + ?> ?=(%9 -.old) =. spore old ?. =(~ eggs.spore) pupal-gate @@ -237,32 +238,79 @@ state spore(eggs *(map term yoke)) == :: - +$ spore-any $%(^spore spore-7) + +$ spore-any $%(^spore spore-8 spore-7) +$ spore-7 $: %7 wipe-eyre-subs=_| ::NOTE band-aid for #3196 system-duct=duct outstanding=(map [wire duct] (qeu remote-request)) contacts=(set ship) - eggs=(map term egg) + eggs=(map term egg-7) blocked=(map term (qeu blocked-move)) == :: + +$ spore-8 + $: %8 + system-duct=duct + outstanding=(map [wire duct] (qeu remote-request)) + contacts=(set ship) + eggs=(map term egg-8) + blocked=(map term (qeu blocked-move)) + == + :: + +$ egg-7 egg-8 + +$ egg-8 + $: control-duct=duct + run-nonce=@t + live=? + =stats + watches=watches-8 + old-state=(each vase vase) + =beak + marks=(map duct mark) + == + :: + +$ watches-8 [inbound=bitt outbound=boat-8] + +$ boat-8 (map [wire ship term] [acked=? =path]) + :: ++ spore-7-to-8 |= old=spore-7 - ^- ^spore + ^- spore-8 :- %8 =. eggs.old %- ~(urn by eggs.old) - |= [a=term e=egg] + |= [a=term e=egg-7] ::NOTE kiln will kick off appropriate app revival e(old-state [%| p.old-state.e]) +>.old + :: + ++ spore-8-to-9 + |= old=spore-8 + ^- ^spore + =- old(- %9, eggs -) + %- ~(run by eggs.old) + |= =egg-8 + ^- egg + :* control-duct.egg-8 + run-nonce.egg-8 + sub-nonce=0 + live.egg-8 + stats.egg-8 + [inbound.watches.egg-8 (boat-8-to-9 outbound.watches.egg-8)] + [old-state beak marks]:egg-8 + == + :: + ++ boat-8-to-9 + |= =boat-8 + ^- boat + %- ~(run by boat-8) + |= [acked=? =path] + [acked path nonce=0] -- -- :: adult gall vane interface, for type compatibility with pupa :: -=| state=state-8 +=| state=state-9 |= [now=@da eny=@uvJ rof=roof] =* gall-payload . =< ~% %gall-wrap ..mo ~ @@ -458,7 +506,7 @@ [%a %plea ship %g path ames-request-all] :: =. outstanding.state - =/ stan + =/ stand (~(gut by outstanding.state) [wire hen] *(qeu remote-request)) (~(put by outstanding.state) [wire hen] (~(put to stand) -.deal)) (mo-pass wire note-arvo) @@ -1039,7 +1087,7 @@ :: ++ ap-nuke ^+ ap-core - =/ out=(list [[=wire =ship =term] ? =path]) + =/ out=(list [[=wire =ship =term] ? =path nonce=@]) ~(tap by outbound.watches.yoke) =/ inbound-paths=(set path) %- silt @@ -1052,7 +1100,7 @@ ~ [%give %kick ~(tap in inbound-paths) ~]~ %+ turn ~(tap by outbound.watches.yoke) - |= [[=wire =ship =term] ? =path] + |= [[=wire =ship =term] ? =path nonce=@] [%pass wire %agent [ship term] %leave ~] =^ maybe-tang ap-core (ap-ingest ~ |.([will *agent])) ap-core @@ -1142,11 +1190,6 @@ %huck [%out (scot %p ship.neet) name.neet wire] %arvo [(scot %p attributing.agent-routes) wire] == - :: increment nonce for new subscription - :: - =? run-nonce.current-agent - &(?=(%agent -.neet) ?=(?(%watch %watch-as) -.deal.neet)) - +(run-nonce.current-agent :: =/ =note-arvo ?- -.neet @@ -1170,7 +1213,7 @@ core(agent-duct agent-duct) $(in t.in) :: - =/ out=(list [[=wire =^ship =term] ? =path]) + =/ out=(list [[=wire =^ship =term] ? =path nonce=@]) ~(tap by outbound.watches.yoke) |- ^+ ap-core ?~ out @@ -1178,7 +1221,8 @@ =? ap-core =(ship ship.i.out) =/ core =. agent-duct system-duct.state - =/ way [%out (scot %p ship) term.i.out wire.i.out] + =/ way + [%out (scot %p ship) term.i.out (scot %ud nonce.i.out) wire.i.out] (ap-specific-take way %kick ~) core(agent-duct agent-duct) $(out t.out) @@ -1293,15 +1337,6 @@ ?: ?=(%& -.res) ``want^p.res ((slog leaf+"peek failed tube from {(trip have)} to {(trip want)}" ~) ~) - :: +ap-update-subscription: update subscription. - :: - ++ ap-update-subscription - ~/ %ap-update-subscription - |= [is-ok=? =other=ship other-agent=term =wire] - ^+ ap-core - ?: is-ok - ap-core - (ap-kill-down wire [other-ship other-agent]) :: +ap-move: send move :: ++ ap-move @@ -1433,48 +1468,79 @@ %- ap-move :_ ~ :^ hen %pass /nowhere [%c %warp our q.beak.yoke ~ %sing %b case /[mark.unto]] + |^ ^+ ap-core + :: %poke-ack has no nonce :: - :: if subscription ack or close, handle before calling user code + ?: ?=(%poke-ack -.sign) + ingest-and-check-error + :: pop nonce off .agent-wire and match against stored subscription + =^ nonce=@ agent-wire [(slav %ud (head agent-wire)) (tail agent-wire)] + =/ sub-key [agent-wire dock] + =/ wat (~(get by outbound.watches.yoke) sub-key) + ?~ wat + :: we should be subscribed, but if not, no-op for integrity + :: + %. ap-core + %- slog :~ + leaf+"{}: got {<-.sign>} for nonexistent subscription" + leaf+"{}: {}" + >wire=wire< + == + :: make sure wire nonce matches stored nonce :: - =? outbound.watches.yoke ?=(%kick -.sign) - %- ~(del by outbound.watches.yoke) - [agent-wire dock] - ?: ?& ?=(%watch-ack -.sign) - !(~(has by outbound.watches.yoke) [agent-wire dock]) - == - %- %: slog - leaf+"{}: got ack for nonexistent subscription" - leaf+"{}: {}" - >wire=wire< - ~ - == - ap-core + ?. =(nonce.u.wat nonce) + %. ap-core + %- slog :~ + =/ nonces [expected=nonce.u.wat got=nonce] + =/ ok |(?=(?(%fact %kick) -.sign) =(~ p.sign)) + leaf+"{}: stale %watch-ack {} ok={}" + :: + leaf+"{}: {}" + >wire=wire< + == + ?- -.sign + %fact + =^ tan ap-core ingest + ?~ tan ap-core + =. ap-core (ap-kill-down sub-key) + (ap-error -.sign leaf/"take %fact failed, closing subscription" u.tan) :: - =? outbound.watches.yoke ?=(%watch-ack -.sign) - ?^ p.sign + %kick + :: if subscription ack or close, handle before calling user code + :: + =. outbound.watches.yoke %- ~(del by outbound.watches.yoke) [agent-wire dock] - %+ ~(jab by outbound.watches.yoke) [agent-wire dock] - |= [acked=? =path] - =. . - ?. acked - . - %- =/ =tape - "{}: received 2nd watch-ack on {}" - (slog leaf+tape ~) - . - [& path] + :: + ingest-and-check-error :: - =^ maybe-tang ap-core - %+ ap-ingest ~ |. - (on-agent:ap-agent-core agent-wire sign) - :: if failed %fact handling, kill subscription - :: - =? ap-core ?=(%fact -.sign) - (ap-update-subscription =(~ maybe-tang) p.dock q.dock agent-wire) - ?^ maybe-tang - (ap-error -.sign leaf/"closing subscription" u.maybe-tang) - ap-core + %watch-ack + ?. (~(has by outbound.watches.yoke) sub-key) + %- %: slog + leaf+"{}: got ack for nonexistent subscription" + leaf+"{}: {}" + >wire=wire< + ~ + == + ap-core + =. outbound.watches.yoke + ?^ p.sign + (~(del by outbound.watches.yoke) sub-key) + :: + %+ ~(jab by outbound.watches.yoke) sub-key + |= val=[acked=? =path nonce=@] + =? . acked.val + %.(. (slog leaf+"{} 2nd watch-ack on {}" ~)) + val(acked &) + :: + ingest-and-check-error + == + ++ ingest (ap-ingest ~ |.((on-agent:ap-agent-core agent-wire sign))) + ++ ingest-and-check-error + ^+ ap-core + =^ tan ap-core ingest + ?~(tan ap-core (ap-error -.sign leaf/"take {<-.sign>} failed" u.tan)) + -- :: +ap-install: install wrapper. :: ++ ap-install @@ -1674,7 +1740,8 @@ $(moves t.moves, new-moves [move new-moves]) =/ =wire p.move.move ?> ?=([%use @ @ %out @ @ *] wire) - =/ [sys-wire=^wire sub-wire=^wire] [(scag 6 wire) (slag 6 wire)] + =/ sys-wire=^wire (scag 6 `^wire`wire) + =/ sub-wire=^wire (slag 6 `^wire`wire) =/ [=dock =deal] [[q.p q] r]:q.move.move :: ?: (~(has by outbound.watches.yoke) sub-wire dock) @@ -1682,13 +1749,23 @@ =/ =tang ~[leaf+"subscribe wire not unique" >agent-name< >sub-wire< >dock<] =/ have - (~(got by outbound.watches.yoke) short-wire dock) + (~(got by outbound.watches.yoke) sub-wire dock) %- (slog >out=have< tang) (ap-error %watch-not-unique tang) :: reentrant, maybe bad? $(moves t.moves) - =. outbound.watches.yoke - (~(put by outbound.watches.yoke) [short-wire dock] [| path]) - $(moves t.moves, new-moves [move new-moves]) + :: + =. p.move.move + (weld sys-wire [(scot %ud sub-nonce.yoke) sub-wire]) + %= $ + moves t.moves + new-moves [move new-moves] + sub-nonce.current-agent +(sub-nonce.current-agent) + outbound.watches.current-agent + %+ ~(put by outbound.watches.yoke) [sub-wire dock] + :+ acked=| + path=?+(-.deal !! %watch path.deal, %watch-as path.deal) + sub-nonce.yoke + == -- -- :: +call: request